Heartbleed probe for InterMapper

You’ve all heard about the Heartbleed bug in OpenSSL that leaves a lot of information in the open, even private keys for web servers. This catastrophe has been well described in the Heartbleed website and loads of other places.

If you have an internal HTTPS server (or if you want to check all your HTTPS servers), you might be interested in the InterMapper Probe I created that checks a web server for vulnerability to the Heartbleed bug.

The Check Heartbleed probe may take a while to run as it tests all four versions of encryption. You may need to set the Timeout and response time thresholds to 15 seconds to allow it to complete.

The default Version parameter is set to -1: This checks all versions of the TLS (v1.0, v1.1, v1.2) to look for vulnerabilities. You may also enter a version of 0, 1, or 2 to test only TLS v1.0, v1.1, or v1.2, respectively.

Test Cases

The server at https://cloudflarechallenge.com:443 is intentionally vulnerable to Heartbleed

All major HTTPS sites either never were vulnerable, or have been patched.

I have made the Check Heartbleed Probe for InterMapper available at no cost, under the Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.